Intel Fucks Up Jump Conditional Code Cache, New ucode

grarpamp grarpamp at gmail.com
Tue Nov 12 21:30:33 PST 2019


Bunch of other exploits rolled up...

Too bad users had to wait, for again the Nth time
in a couple years, for 'responsible disclosure'
over their top secret closed source hardware.

#OpenFabs, #OpenHW, #OpenAudit



https://xenbits.xen.org/xsa/advisory-305.html
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
TSX Asynchronous Abort (TAA, CVE-2019-11135) vulnerability

An attacker, which could include a malicious untrusted user process on a
trusted guest, or an untrusted guest, can sample the content of
recently-used memory operands and IO Port writes.


CVE-2019-11139 MD_CLEAR Operations
It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).


https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915

A malicious virtual machine could use this flaw to generate an MCE
resulting in a denial of service of the host OS, including all other
virtual machines.

Intel researchers discovered that Intel graphics processors could
cause a system hang when userspace performed a read from GT memory
mapped input output (MMIO) when the product is in certain low power
states. A local user could use this to cause a denial of service
(system hang).

Intel researchers discovered that Intel graphics processors allowed
userspace to modify page table entries via writes to MMIO from the
Blitter Command Streamer and exposed kernel memory information,
resulting in possible privilege escalation and information disclosure
vulnerabilities. A local user could use this issue to escalate their
privileges on the local machine.

